Which EFI firmware should your Mac be using?

Apple doesn’t provide a list of the current EFI firmware versions which should be installed on each model of Mac. At least, it didn’t until it released macOS High Sierra. Because this latest version of macOS includes a new tool, eficheck, which performs a weekly check on firmware, there was a list of known firmware versions included in that.

You can obtain the latest list by typing the following in Terminal:ls /usr/libexec/firmwarecheckers/eficheck/EFIAllowListShipping.bundle/allowlists
which displays the recognised EFI firmware versions known to the eficheck tool (High Sierra only).

Since the initial release of High Sierra, I have maintained this list from those firmware updates included in each system software and security update.

iMac:

iMac10,1 00D0 00B

iMac11,1 0039 00B

iMac11,2 005D 00B

iMac12,1 004F 00B

iMac12,2 004F B00

iMac13,1 0115 B00

iMac14,1, iMac14,2, iMac14,3 0130 B00, or 0122 B00 for El Capitan?

iMac14,4 0189 B00

iMac15,1 0217 B00

iMac16,1, iMac16,2 0219 B00

iMac17,1 0154 B00

iMac18,1, iMac18,3 0158 B00

Apple doesn’t list the iMac12,2, but Ariel in a comment below reports it as being 004E B00 following 10.13.4, and I expect that to have risen to 004F B00 following installation of 10.13.5. Of these, only the iMac10,1 was not updated in 10.13.5.

MacBook:

MacBook6,1 00CC 00B

MacBook7,1 003F 00B

MacBook8,1 0173 B00

MacBook9,1 0169 B00

MacBook10,1 0161 B00

Of these, the MacBook6,1 and MacBook7,1 were not updated in 10.13.5.

MacBook Air:

MacBookAir3,1 0069 00B

MacBookAir4,1, MacBookAir4,2 0080 B00

MacBookAir5,1 00F8 B00

MacBookAir6,1 0107 B00

MacBookAir7,1 0177 B00

Of these, only the MacBookAir3,1 was not updated in 10.13.5.

MacBook Pro:

MacBookPro6,1 005D 00B

MacBookPro7,1 003F 00B

MacBookPro8,1 0050 00B

MacBookPro9,1 00DA B00

MacBookPro10,1 00F6 B00

MacBookPro10,2 010E B00

MacBookPro11,1, MacBookPro11,2 0146 B00

MacBookPro11,4 0183 B00

MacBookPro12,1 0176 B00, may be 0177 B00 with latest betas

MacBookPro13,1 0220 B00

MacBookPro13,2, MacBookPro13,3 0244 B00

MacBookPro14,1, MacBookPro14,2, MacBookPro14,3 0175 B00

Neither Apple nor Duo list the MacBookPro11,3, but iawhciwc in a comment below reports it as being 0142 B00; I suspect that this should now be updated to 0146 B00. Of these, only the MacBookPro7,1 was not updated in 10.13.5.

Mac mini:

Macmini4,1 0047 00B

Macmini5,1 0080 B00

Macmini6,1, Macmini6,2 010E B00

Macmini7,1 0231 B00, or 0224 B00 for El Capitan?

Of these, only the Macmini4,1 was not updated in 10.13.5.

Mac Pro:

MacPro5,1 0085 B00

MacPro6,1 0124 B00

Apple doesn’t list the MacPro5,1, but Jay in a comment below reports it as being 0085 B00 following 10.13.4. I don’t know whether this changed with 10.13.5, but no EFI firmware update is listed there for that model.

Observation: in Apple’s initial list of versions for High Sierra, the minor versions were universally B00. In its revised list, included within the Supplemental Update, some of those changed to 00B, as noted above. The significance of this is unclear, but it suggests that the first EFI firmware updates for some models had problems, and have since been replaced with 00B versions in that supplemental update.

If you’re not sure how to discover the model code of your Mac, use the About This Mac command at the top of the Apple menu, and click on the System Report… button. In System Information, in the Hardware Overview listing, this is given as the Model Identifier.

The Boot ROM Version given in that Hardware Overview typically looks likeIM171.0151.B00
In that, IM171 is the model identifier, here iMac17,1. The firmware version is then given in hexadecimal, with the major version first, followed by the minor version. So in that case, the major version is 0151 (337 decimal), and the minor version is B00 (2816). That is a higher number and thus more recent than 010F.B25, as the major version is greater, even though the minor version is lower.

If your firmware version is more recent than those given above, please let me know in a comment, so that I can improve the above listing for us all.

If your EFI firmware version seems out of date, download the last Combo updater and/or subsequent Security Updates for the version of macOS / OS X which it is running, from Apple Support. Install those, and check the firmware version again. Consider upgrading to Sierra or High Sierra as appropriate. EFI firmware updaters are now only distributed as part of macOS / OS X updates and upgrades: Apple does not provide them separately.

I strongly recommend that you consult Duo’s excellent report on EFI firmware security and updates, from which I have extracted initial data for this article. We should all be very grateful to Duo for carrying out and publishing that research, and to Apple’s EFI firmware engineers for their efforts to keep us on the straight and narrow.

It will be interesting to see how Apple’s EFI management process interacts with unsupported Macs (and Hackintoshes) that use third party patches to run Sierra and High Sierra. I have an unsupported 2009 mini that I use for experimentation that has been running Sierra very nicely, and I plan to give High Sierra a whirl on it.

I proceeded with two different High Sierra installations on my unsupported test 2.26 GHz Late 2009 Macmini3,1 using Collin Mistr’s High Sierra installation patch. I had previously upgraded the hardware to 8 GB of RAM and a 1 TB Crucial MX300 SSD.

The first installation was an upgrade from a default El Capitan 10.11.6 installation, and the second was a clean installation after erasing the drive with the High Sierra installation disk’s Disk Utility.

At various times, this particular mini has run every major version of macOS from the originally shipped Snow Leopard to Sierra 10.12.6.

I first noted the system firmware version while running Sierra 10.12.6 (MM31.00AD.B00), and there was no change in the firmware when either downgrading to El Capitan 10.11.6 or upgrading to High Sierra (installer version 13.0.66, downloaded from Apple on 6 Oct).

Interestingly, the High Sierra upgrade did *not* convert the SSD to APFS; in all scenarios the drive remained HFS+ formatted. The trimforce command appears to have enable TRIM support successfully.

As a general observation, the system runs High Sierra very well, aside from Apple’s decision to drop support for certain versions of the Airport card in Sierra and beyond. Via ethernet or a USB wireless adapter, Safari performs crisply, and I notice no particular system delays elsewhere. While I am used to an i7 computer as my primary desktop machine, this old mini running High Sierra feels perfectly acceptable for daily use as a general purpose machine.

Thank you for your interesting insights.
From the date, you have used the latest version of the installer, which is supposedly ‘fixed’. That was probably a very wise call!
I’m delighted it seems to be working well too.
Howard.

I’m not sure how useful random examples are but anyway:
My MBP 13.3 (late-2016, the first model with Touchbar, mine is a 2016 example) is listed as having “0233 B00, or 0226 B22 or 0226 B23 in Sierra”. In fact, running Sierra 10.12.6 and having been through the standard update process, my firmware version is MBP133.0226.B25. The number would suggest that it’s newer than the listed examples?

I remember a firmware update that addressed some initial video glitches but I don’t remember which Sierra update contained it.

An update: I have just taken the plunge and updated to High Sierra. My firmware version (on the MBP 13.3) is now 0233.B00 which matches the Apple (eficheck) version number in HS. Hopefully there are some bug fixes in there as well as the HS changes.

In botrh cases below the laptop has been updated in-situ through all OS versions since whatever it first had as far as macOS 10.12.6. I’ve not gone to High Sierra yet as I’m waiting to see what utilities are broken and not yet patched.

Actually Apple did/does sort of have a list of computer models and their “correct” firmware versions on a support page. However, the list is an embarrassing mess with wrong info and links to firmware downloads files that don’t match the versions on the list. Until very recently it was a current support document and I see now it has been labeled as an older one however I’m sure the mistakes are all still there since Apple seems to be getting fairly sloppy lately imho. https://support.apple.com/en-us/HT201518 It’s sort of telling/concerning that something like firmware would be treated with such disregard as to keep the content available for so long without so much as a review for accuracy.

I posted a question on the far sketchier than I’d imagined forum known as “Apple Communities” and didn’t receive much of an answer..just the typical “well what are you doing wondering about your computer anyway…you some kind of firmware obsessed paranoid weirdo?” “download and run this third party software that can’t make it into the Mac app store and is constantly promoted by a team of fanatics who swear its not malware despite what mcafee and numerous other AV companies say and are clueless when faced with any real substantive questions on the topic yet are sophisticated enough to develop software and consider themselves experts who dole out advice and opinions without citing a single source ever as if they’re omnipotent. The final conclusion of their advice is almost always that everything is perfectly normal and nothing to be concerned about..nothing to see hear folks. move along…right.

But seriously it shouldn’t be called firmware anyway, its very misleading since it’s really just software (like pretty much all firmware is now). The availability of an update proves it is just as soft as any. There isn’t even a checksum/hash with the linked file that is ultimately downloaded exclusively over HTTP insecure after being redirected to a CDN whose servers/IP addresses are for sale to anyone with $25 like every download/update from Apple. The files also for the most part are backed by Apple’s ancient root certificate with a SHA1 hash algorithm who’s private key has been compromised so by their own PKI’s established policy needs to be revoked but is still being used despite having somewhat more secure certificates already available. It’s all a joke anyway since the keychain doesn’t evaluate them properly anyway or even bother to use Certificate Revocation Lists..just my 3 cents.

I don’t know why Apple doesn’t list that model. Perhaps it is simply treated as an 11,1 or 11,2 for EFI purposes, but it doesn’t appear in Apple’s collection of EFI firmware updates as an 11,3.
I don’t doubt that it’s an excellent model – but I can only list what Apple lists.
Howard.

I’m wondering about a possible downside to updating the firmware on a Mac. I have a 10.8.5 volume and a 10.12.6 volume on my MacBook Pro 9,2, each used for different work and relying on a common data volume. An update for the Sierra volume downloaded containing:
EmbeddedOSFirmware.pkg 59.3 MB
FirmwareUpdate.pkg 200.8 MB
Correct me if I’m wrong, but with no documentation from Apple on their firmwares, isn’t it possible that these updates will cripple my 10.8.5? My MacBook Pro was shipped with 10.10.1, and I was lucky that it had oldish firmware allowing me to install 10.8.5 on it. Having newest firmware isn’t always desirable, if multiboot is what makes the Mac desirable.
I’d just blow-off the firmware updates if it weren’t for two annoyances with 10.12.6 which they might cure. One is that the 10.12.6 volume doesn’t appear in the 10.8.5 preferences panel with startup disks. The other is that several external USB 3.0 drives with 10.12.6 volumes can’t boot the computer. I tried five. Two worked fine. One worked, but didn’t appear in the Options key boot choices. Two couldn’t boot. The enclosures must use different chips, but the computer’s firmware seems to play a role too, for the USB 3.0 drives with 10.12.6 volumes that didn’t work on the MacBook Pro 9,2 did work fine booting another Mac (although it had USB 2.0).
I’ll report the Boot ROM versions for the upgrade if someone can explain where they are hidden in the .pkg’s (explorable with Pacifist). The two questions above also require expert opinion: whether firmware upgrades can reject the early operating system; whether firmware upgrades can get around some of the Sierra booting limitations.
Thanks.
DC

I don’t know the answer to any of your questions, I’m afraid, and (outside of Apple’s firmware team) I don’t know anyone who does.
However, I think that you should be very wary of running 10.8.5. I do have a system here still running 10.6.8, but it’s long due retirement, and once I can get a new i7 MacBook, it is going.
Your old firmware and 10.8.5 are full of gaping vulnerabilities which will never be patched. Although Apple is doing a good job of supplying security fixes for El Cap and Sierra, nothing is going to change those left in 10.8.5.
I’m surprised that you’ve had problems with USB 3 drives and booting, although I wonder if that is because your firmware (not just EFI, but SMC et al.) is so far out of date. But I’m not sure whether anyone knows that, or can find out.
Howard.

Thanks for your thoughts, Howard. Your lead article, and the ensuing comments, are premised on the urgency to protect our computers from intrusion. Maintaining computer functionality deserves consideration too. I’m running a 10.8.5 system not out of nostalgia, but because some programs run on it that won’t run on 10.12.6. For newer OS, some old programs have updates, but some don’t.

You say: “I’m surprised that you’ve had problems with USB 3 drives and booting, although I wonder if that is because your firmware (not just EFI, but SMC et al.) is so far out of date.”
My firmware is at most slightly out of date. It is a Pro MacBook Pro (13-inch, Mid 2012) 9,2 with:
Boot ROM Version: MBP91.00D3.B22
SMC Version (system): 2.2f44
The notoriously archived Apple support page (published date: Sep 25, 2017) says the firmware should be:
Boot ROM Version: MBP91.00D3.B0C
SMC Version (system): 2.2f44
Note that B22 > B0C.

The current EFI firmware version for a MacBook Pro 9,1 is 00D7 B00, as shown above. That would appear to be four major version numbers more recent that your current version, which seems quite a big gap to me.
All these issues are risks. The problem that we have is that we don’t know the differences in risk between the current EFI firmware and the old, or even really between 10.8.5 and 10.13.3.
I think if I needed to run 10.8.5, I’d only do so disconnected completely from anything internet. Our 10.6.8 system is used for a very limited range of online purposes. Occasionally I go back and use one of my older Macs, even my IIfx, but kept in isolation.
Howard.

“You’re running MM61.010D.B00, but we expected you to be running MM61.010B.B00.”

Obviously, it was expecting an older EFI version, and doesn’t seem to know that a later version is available. Not sure if the web site is out of date and the command line or GUI tool would give a different result. I assume you know about:

Thank you – I have added that to the list.
The problem is, I think, the fact that the EFI firmware updates don’t list all models. In your mini’s case, it is a Macmini6,2, but Apple doesn’t provide a separate update for that, it uses the Macmini6,1 update.
I can handle that in my manual listing; it may well be more tricky for the EFIgy project. I don’t know how they’re extracting the information. I work through all the updates provided by Apple and inspect them to check. It’s probably just as easy for me to do that, and I can always cope with unusual models.
Howard.

Here is my info, I noted that there are no 12,2 (iMac 27″ mid 2011) in your list, mine is a 12,2 with a IM121.004E.B00 Boot Rom/Firmware version

OS MacOS High Sierra 10.13.4
I had to buy a genuine Apple Hard drive for the firmware upgrade to work and to install Mac OS High Sierra. Otherwise the firmware update and the OS install consistently failed with a “failed to verify firmware” error message and the HDD OS ruined/un-bootable.

HDD, Device / Media Name: WDC WD10EURS-630AB1 (Western Digital)

I booted and installed macOS High Sierra from a MicroSDHC card (after the other hdd a Western Digital WD2003FYYS-02W0B1 was swapped out for a genuine Apple hdd another Western Digital a WDC WD10EURS-630AB1)

Hi, Hoakley
Could you please blank out the serial number and UUID, I talked with Apple support and they recommended not giving out the serial number or UUID. That it was a security breach, could leave me vulnerable etc.

Hi Hoakley (Howard?)
I noted that the EFIgy reports the firmware version developmental and the build version to new at 17E199, but I upgraded from the App Store. I saw during the upgrade (white screen), that the installer downloaded from the internet during the firmware/upgrade process. I saw a bar at the bottom of the screen like when in the internet recovery screen except lower at the bottom of the screen. It (the installer) downloaded from the internet. I am not running a beta or developmental release this is what was downloaded from the internet/App Store. I hope this helps, looks like Apple. is up so something new.

Thank you.
Your iMac is not running the latest EFI firmware, which should be 005C 00B. This may be because you haven’t upgraded to High Sierra yet, although I would have thought that this would have been addressed in one of the Sierra security updates.
Apple doesn’t supply EFI firmware updates as separate installs any more. All you can do now is hope that you will get an update to do that soon, or that you will eventually upgrade to High Sierra.
Howard.

Apple doesn’t document this, so I cannot give you an official explanation.
When Apple’s EFI engineers got to grips with this problem, with High Sierra last year, the minor version, in your case B00 rather than 00B, was I think set to B00 across most of the firmware. Since then, 00B versions have been appearing, as if they were minor updates. So a B00 version in one update might become 00B in the next.
From the list of firmware updates in Sierra’s Security Update 2018-003 and High Sierra 10.13.5, your EFI firmware should have been updated to 005D.00B. In the El Cap Security Update 2018-003, it might have only been 005D.B00 – I haven’t looked at that. It’s possible that 005D.B00 is higher than 00B, in which case I’m not sure how your iMac got there, unless you have installed a beta.
If you’re running High Sierra, this shouldn’t be an issue, as eficheck will sort it out. If you’re running El Cap, it might be correct. I wouldn’t worry about it, although it does seem puzzling.
Howard.

Thanks for this information, I was concerned that somehow the wrong version was on my computer, yours is the about the only up to date info out there. The commentary on the 00B vs B00 runs contrary to later versions having higher version numbers. My MBP 8,1 is 0050 B00 which agrees with the listing from my command line output. I believe you may have changed a couple from B00 to 00B that should not have been changed. I think you should simply annotate these as not officially supported in Sierra / High Sierra.

Most of the models that your listing have ending in 00B are the models which will not run Sierra or High Sierra, and these do not appear in my output at all. I did not install HS until recently, so I suspect that your listing was influenced by pre-release version numbers of Sierra which, if memory serves, initially allowed Core 2 Duo machines to test, but were excluded in later pre-release builds (Apple changing from B00 to 00B on the allowed list for those models would accomplish that), to ultimately not showing up in release at all as in my (edited) 10.13.5 (17F77) clean install output (below). If that is true, then the EFI does end on B00 if a pre-release was installed, but the OS will not recognize that version and prevents installation of subsequent releases.

Thank you.
All of this would be so much simpler if Apple actually documented it.
The list above is based on the EFI Firmware updates bundled in the latest macOS updates, in this case 10.13.5. In that, the version provided for MacBookPro8,1 is not 0050 B00, but 0050 00B. I have just checked that (for about the fourth time!) in the installer package.
In theory, the B00 or 00B should be the minor version number, and B00 should be higher (more recent) than 00B. However, it is odd that Apple only seems to have two minor version numbers for all its EFI firmware versions now, in decimal notation 11 and 2816. I therefore don’t believe that is what that ‘minor version number’ means, rather that it is a designator used by Apple. We therefore don’t know the meaning of B00 and 00B designators, nor whether B00 is really more recent than or preferred over 00B.
We can, though, be confident that the 00B designator doesn’t mean that the model cannot be upgraded to Sierra or High Sierra, otherwise Apple would be most unlikely to include those EFI firmware updates in the 10.13.5 update! But yes, 00B designators are associated with older models of Mac.
The 10.13.5 firmware updates include a total of eleven 00B versions. As we don’t know how eficheck handles 00B and B00 designators, I think it would be dangerous to presume anything from its allow list.
I don’t (intentionally) change the listing above as a result of any influence other than the versions supplied, and presumably installed, by the latest macOS updates provided by Apple, which are the most definitive information which it publishes.
Howard.

Oh – I should also point out that, unless otherwise stated, versions given above are for Macs running release versions of macOS. EFI firmware updates which are included in betas shouldn’t be revealed here, under Apple’s non-disclosure policy.
Which is a shame, but at least keeps things simpler.
Howard.

Well, although it’s a puzzle, I wouldn’t worry about it. I’m not sure how your firmware came to that version though, as the version given above is that installed by the latest Sierra Security Update.
Howard.

MacPro5,1 was updated to MP51.0087.B00 on 10.13.5. If you just update from 10.13.4 in the app store running version MP51.0085.B00 the update will not be installed. I have two of these MacPro5,1’s and both went to 10.13.5 on the old firmware.

To trigger the update download the newest “Install High Sierra.app” from the app store as if you where going to make a usb installer or you were going to just run the upgrade even though you are already on the newest version. It will not let you install without a firmware update and you can let it do that by hitting shutdown and following the on-screen instructions. When it finishes flashing the firmware and reboots it will allow you to continue the install, you can just quit it out from here no need to install what you already have (unless you are on an older version than 10.13.5) and drag it into the trash unless you want to keep it or reinstall.

Thank you. Not having a Mac Pro 5,1 here, I cannot check that.
I don’t compile these lists from App Store updates, but from the list of EFI firmware updates supplied with the standalone installer. And the update provided with 10.13.5, for that model, was 0085 B00.
It seems worrying that after all this work, Apple’s installers don’t appear to be consistent in their EFI firmware updates!
Howard.

The version given above in my table is that which is provided with, and installed by, the standalone 10.13.5 updater.
The security release notes which you cite do not state which EFI firmware version includes that patch. If it is the one provided in the standalone 10.13.5 updater, then it is the version given above.
I’m afraid that I cannot just make up EFI firmware versions because some Macs appear to have different. Some users will have higher version numbers, but those given above are those which ship with the latest macOS 10.13.5 update, and therefore are the versions which users should expect as a minimum – which is the purpose of the list.
Apple doesn’t publish a list of expected version numbers. This is the closest that we can get, AFAIK. If you know of a better method, then please suggest it.
Howard.

OK: I have been back and checked all the 10.13 updates, and am now thoroughly puzzled.
There has been no official EFI firmware update installed for the Mac Pro 5,1 by the delta updates since the original version of High Sierra. The version number quoted above is therefore that expected by a Mac Pro 5,1 which has undergone stepwise update to 10.13.5.
It begs the question as to how you, and presumably some others, have a higher version installed. Higher versions are not uncommon with beta releases, and that could have applied to any beta since 10.12.6.
Does the Mac Pro 5,1 have a different channel for the delivery and installation of EFI firmware updates? Not according to Apple: they come only with macOS updates now.
Is the 0087 B00 version Apple’s preferred firmware version for the Mac Pro 5,1? Who knows?
Thanks for raising this fascinating issue – it’s a shame that only Apple can answer the questions, but won’t.
Howard.

Thanks, Cypress.
Please refer to version 2 of this article, where I have removed this model from the normal list, and provide more of an explanation. In short, it doesn’t seem to be receiving updates, and I don’t know where they are coming from!
Howard.